Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/03/19 8:47 p.m.27 views

CVE-2026-27491 Discourse has a bypass of official warnings messages by non-staff users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the...

6.9CVSS0.00326EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/18 8:34 p.m.7 views

CVE-2026-28500

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. A security control bypass exists in the onnx.hub.load function due to improper logic in its repository trust verification. An attacker can exploit this by providing a malicious model,...

9.1CVSS5.6AI score0.00318EPSS
Exploits0References5
OSV
OSV
added 2026/03/18 2:16 a.m.16 views

UBUNTU-CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/16 4:23 p.m.12 views

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

What's the issue Passing silent=True to onnx.hub.load kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness. python if not verifyreporefrepo and not silent: completely skipped when silent=True print"The model repo...

9.1CVSS6.2AI score0.00318EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/11/04 11:15 p.m.11 views

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

8.8CVSS0.0036EPSS
Exploits0References1
OSV
OSV
added 2020/04/13 5:15 p.m.5 views

CVE-2020-3126

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote...

3.5CVSS5.8AI score0.00863EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/29 12:0 a.m.3 views

Mozilla Firefox, Firefox ESR and Thunderbird Security Bypass Vulnerability

Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...

7.8CVSS8.4AI score0.01232EPSS
Exploits0References1
NVD
NVD
added 2002/12/31 5:0 a.m.14 views

CVE-2002-2351

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." dot...

6.4CVSS7.7AI score0.02645EPSS
Exploits1References3
Rows per page
Query Builder